[Dbix-class] Read only resultsets

piotr pogorzelski pp at webtel.pl
Tue Aug 24 15:01:03 GMT 2010


-------- Original Message  --------
Subject: [Dbix-class] Read only resultsets
From: Dan Horne <dan.horne at redbone.co.nz>
To: dbix-class at lists.scsys.co.uk
Date: Thu Aug 12 2010 01:08:08 GMT+0200 (CET)

> The recent discussion on read only objects has got me wondering. Say one has
> an app which basically sends result sets to TT templates. What stops a
> malicious designer from doing DB updates in the templates since they have
> the RS objects? I could mimic the DBI solution of returning arrayrefs of
> hashrefs, but that doesn't allow for the chaining of methods to get related
> resultsets, Nor would it give me access to pagination info.
>

That's why i convert DBIx::Class objects to hashes or some MiddleLayer 
objects, when returning data from model (when I cannot trust what's done
in templates).  So before rendering, have to think what is needed in 
View, all data must be retrieved, and processed.  Then only displayed.

Some extra work, but if i cannot trust TT ...

Read only objects? well if it can be made read-only, probably it could 
also be made read-write


--
pp



More information about the DBIx-Class mailing list